Did you check the proxy settings?
----- Original Message -----
From: "Daniel H. Renner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 30, 2003 12:23 AM
Subject: [Full-Disclosure] Reverse http traffic

> Hello,
>
> I had a case recently wherein one of a client's systems (Win2k) could
> not access http, or mail traffic. At the same time, 2 other systems
> (Win95 and Xandros) could, and yet he could access all of the other
> network shares via TCP.
>
> He brought it to my shop, it was patched up, already had the latest
> anti-virus defs, and it got on the 'net fine here. He returned with it
> and set it up - and could not get any http or email.
>
> I went to his office to see what was up, hooked in my little 'kneetop'
> (Sony Picturebook) and browsed just fine.
>
> I then installed a Linux firewall on a spare computer, replaced the
> Linksys router with it and instantly his Win2k was able to browse and
> get email.
>
> I checked the firewall logs and saw quite a few attempts from a Google
> IP address (whois-ed, but I'm not ignoring that it was possibly spoofed)
> that was sending IN traffic with a source port of 80 and a destination
> port in the temporary range (33xx) - eh???
>
> I can speculate (otherwise known as 'assume' :) that this site was
> trying to spoof my client's system into accepting some traffic by using
> a reverse-flow, but...
>
> Can anyone tell me what actually could cause this?
>
> --
>
> Thank you,
>
> Dan Renner
> President
> Los Angeles Computerhelp
> http://losangelescomputerhelp.com
> 818.352.8700
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html